Closed code423n4 closed 2 years ago
hack3r-0m
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L795-L803
createStream does not check if deposit token and reward token are different addresses.
createStream
Not Required
Manual Review
add check require(rewardToken != depositToken)
require(rewardToken != depositToken)
dupe of #215
0xean
commented
2 years ago 0xean
commented
2 years ago
Handle
hack3r-0m
Vulnerability details
Impact
https://github.com/code-423n4/2021-11-streaming/blob/main/Streaming/src/Locke.sol#L795-L803
createStreamdoes not check if deposit token and reward token are different addresses.Proof of Concept
Not Required
Tools Used
Manual Review
Recommended Mitigation Steps
add check
require(rewardToken != depositToken)